#!/usr/bin/env python3
# -*- coding:utf-8 -*-
#############################################################################
# Copyright (c) 2024 Huawei Technologies Co.,Ltd.
#
# openGauss is licensed under Mulan PSL v2.
# You can use this software according to the terms
# and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
#
#          http://license.coscl.org.cn/MulanPSL2
#
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OF ANY KIND,
# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
# ----------------------------------------------------------------------------
# Description  : gs_checkse is a tool used to check and set security configurations.
#############################################################################

import os
import sys
import subprocess

sys.path.append(sys.path[0] + '/../lib')
from gspylib.threads.SshTool import SshTool
from gspylib.common.GaussLog import GaussLog
from gspylib.common.Common import DefaultValue
from gspylib.common.OMCommand import OMCommand
from gspylib.common.DbClusterInfo import dbClusterInfo
from gspylib.common.ErrorCode import ErrorCode
from gspylib.common.ParameterParsecheck import Parameter
from base_utils.os.file_util import FileUtil
from base_utils.os.net_util import NetUtil
from domain_utils.domain_common.cluster_constants import ClusterConstants
from base_utils.common.constantsbase import ConstantsBase
from base_utils.os.user_util import UserUtil
from domain_utils.cluster_file.cluster_config_file import ClusterConfigFile
from base_utils.os.env_util import EnvUtil

#############################################################################
# Global variables
#   gs_checkse_version: the gs_checkse verion number
#   g_opts: globle option
#   g_logger: globle logger
#   g_sshTool: globle ssh interface
#   g_SECheckOpts: options about all checking and setting items
#   DEFAULT_INTERVAL: default space number
#   CHECK_ITEMNUMLIST: checking item list
#   SET_ITEMNUMLIST: setting item list
#   LOG_DIR: the log directory about gs_checkse
#############################################################################
g_opts = None
g_logger = None
g_sshTool = None
host = None
g_clusterInfo = None
g_SECheckOpts = {
    'A1': ['Checking items', '[ Checking Connection configuration ]', 'Normal', 'OK', 'OK'],
    'A2': ['Checking items', '[ File directory security ]', 'Normal', 'OK', 'OK'],
    'A3': ['Checking items', '[ Security authentication configuration ]', 'Normal', 'OK', 'OK'],
    'A4': ['Checking items', '[ Account_password_management ]', 'Normal', 'OK', 'OK'],
    'A5': ['Checking items', '[ Permission management ]', 'Normal', 'OK', 'OK'],
    'A6': ['Checking items', '[ Database auditing ]', 'Normal', 'OK', 'OK'],
    'A7': ['Checking items', '[ Error reporting and logging configuration ]', 'Normal', 'OK', 'OK'],
    'A8': ['Checking items', '[ Backup configuration ]', 'Normal', 'OK', 'OK'],
    'A9': ['Checking items', '[ Runtime environment configuration ]', 'Normal', 'OK', 'OK'],
    'A10': ['Checking items', '[ Other configurations ]', 'Normal', 'OK', 'OK'],
    'B1': ['Setting items', '[ Set Connection configuration ]', 'Normal', 'OK', 'OK'],
    'B2': ['Setting items', '[ Set File directory security ]', 'Normal', 'OK', 'OK'],
    'B3': ['Setting items', '[ Set Security authentication configuration ]', 'Normal', 'OK', 'OK'],
    'B4': ['Setting items', '[ Set Account password management ]', 'Normal', 'OK', 'OK'],
    'B5': ['Setting items', '[ Set Permission management ]', 'Normal', 'OK', 'OK'],
    'B6': ['Setting items', '[ Set Database auditing ]', 'Normal', 'OK', 'OK'],
    'B7': ['Setting items', '[ Set Error reporting and logging configuration ]', 'Normal', 'OK', 'OK'],
    'B8': ['Setting items', '[ Set Backup configuration ]', 'Normal', 'OK', 'OK'],
    'B9': ['Setting items', '[ Set Runtime environment configuration ]', 'Normal', 'OK', 'OK'],
    'B10': ['Setting items', '[ Set Other configurations ]', 'Normal', 'OK', 'OK']}
DEFAULT_INTERVAL = 60
DEFAULT_CONSISTENCY_INTERVAL = 6
CHECK_ITEMNUMLIST = ['A1', 'A2', 'A3', 'A4', 'A5', 'A6', 'A7', 'A8', 'A9', 'A10']
SET_ITEMNUMLIST = ['B1', 'B2', 'B3', 'B4', 'B5', 'B6', 'B7', 'B8', 'B9', 'B10']
LOG_DIR = "/tmp/gs_checkse"
Local_CheckSe = ""
Local_Check = ""
#######################################################
# action option strings
ACTION_CHECK_Connection_configuration = "Check_Connection_configuration"
ACTION_CHECK_File_directory_security = "Check_File_directory_security"
ACTION_CHECK_Security_authentication_configuration = "Check_Security_authentication_configuration"
ACTION_CHECK_Account_password_management = "Check_Account_password_management"
ACTION_CHECK_Permission_management = "Check_Permission_management"
ACTION_CHECK_Database_auditing = "Check_Database_auditing"
ACTION_CHECK_Error_reporting_and_logging_configuration = "Check_Error_reporting_and_logging_configuration"
ACTION_CHECK_Backup_configuration = "Check_Backup_configuration"
ACTION_CHECK_Runtime_environment_configuration = "Check_Runtime_environment_configuration"
ACTION_CHECK_Other_configurations = "Check_Other_configurations"

ACTION_SET_Connection_configuration = "Set_Connection_configuration"
ACTION_SET_File_directory_security = "Set_File_directory_security"
ACTION_SET_Security_authentication_configuration = "Set_Security_authentication_configuration"
ACTION_SET_Account_password_management = "Set_Account_password_management"
ACTION_SET_Permission_management = "Set_Permission_management"
ACTION_SET_Database_auditing = "Set_Database_auditing"
ACTION_SET_Error_reporting_and_logging_configuration = "Set_Error_reporting_and_logging_configuration"
ACTION_SET_Backup_configuration = "Set_Backup_configuration"
ACTION_SET_Runtime_environment_configuration = "Set_Runtime_environment_configuration"
ACTION_SET_Other_configurations = "Set_Other_configurations"


#######################################################
class CmdOptions():
    """
    init the command options
    """

    def __init__(self):
        self.hostnamestr = DefaultValue.EMPTY_STR
        self.itemstr = DefaultValue.EMPTY_STR
        self.hostlistfile = DefaultValue.EMPTY_STR
        self.hostnameList = []
        self.outputfile = DefaultValue.EMPTY_STR
        self.logFile = DefaultValue.EMPTY_STR
        self.localLog = DefaultValue.EMPTY_STR
        self.database = DefaultValue.EMPTY_STR
        self.set = False
        self.detail = False
        self.detail_all = False
        self.item_detail = []
        self.confFile = DefaultValue.EMPTY_STR
        self.localMode = False
        self.skip_cgroup_set = False

    #########################################################


# Init global log
#########################################################
def initGlobals():
    """
    init the global parameter g_logger and g_sshTool
    """
    global g_logger
    global g_sshTool
    global g_clusterInfo
    g_logger = GaussLog(g_opts.logFile, "gs_checkse")
    dirName = os.path.dirname(g_opts.logFile)
    g_opts.localLog = os.path.join(dirName, ClusterConstants.LOCAL_LOG_FILE)
    g_sshTool = SshTool(g_opts.hostnameList, g_logger.logFile,
                        DefaultValue.TIMEOUT_PSSH_CHECK)
    g_clusterInfo = dbClusterInfo()
    if (g_opts.confFile != ""):
        g_clusterInfo.initFromXml(g_opts.confFile)


#############################################################################
# Parse and check parameters
#############################################################################
def usage():
    """
gs_checkse is a tool used to check and set security configurations.

Usage:
  gs_checkse -? | --help
  gs_checkse -V | --version
  gs_checkse -i ITEM [-f HOSTFILE] [-h HOSTNAME] [-X XMLFILE] [--detail] [-o OUTPUT] [-l LOGFILE]

General options:
  -i                              Item number. To check all items, enter  "-i A". To set all parameters, enter "-i B".
                                  To check multiple status, enter the items in the following format: "-i A1,A2,A3".
  -f                              File listing names of all the hosts to connect to. The host names are separated by line breaks.
  -h                              Name of the host to connect to.
  -X                              Configuration file of the cluster.
     --detail                     Show detailed information.
     --database                   Specify the database to check.
  -o                              Save the result to the specified file.
  -l                              Path of log file.
  -? --help                       Show help information for this utility, and exit the command line mode.
  -V --version                    Show version information.


Item number description:
    'A1': [ Checking Connection configuration ]
    'A2': [ File directory security ]
    'A3': [ Security authentication configuration ]
    'A4': [ Account_password_management ]
    'A5': [ Permission management ]
    'A6': [ Database auditing ]
    'A7': [ Error reporting and logging configuration ]
    'A8': [ Backup configuration ]
    'A9': [ Runtime environment configuration ]
    'A10': [ Other configurations ]
    'B1': [ Set Connection configuration ]
    'B2': [ Set File directory security ]
    'B3': [ Set Security authentication configuration ]
    'B4': [ Set Account password management ]
    'B5': [ Set Permission management ]
    'B6': [ Set Database auditing ]
    'B7': [ Set Error reporting and logging configuration ]
    'B8': [ Set Backup configuration ]
    'B9': [ Set Runtime environment configuration ]
    'B10': [ Set Other configurations ]

    """
    print(usage.__doc__)


def parseHostnameOpts(value):
    """
    parse hostnames by value
    """
    if (len(value) > 1):
        for val in value:
            val = val.strip()
            if val != "" and val not in g_opts.hostnameList:
                g_opts.hostnameList.append(val)
    else:
        g_opts.hostnameList.append(value[0])


def parseItemOpts(itemList):
    """
    parse items by value
    """
    value = []
    for val in itemList:
        if (len(val.split(',')) > 1):
            for i in val.split(','):
                value.append(i)
        else:
            value.append(val)
    if (len(value) > 1):
        for val in value:
            val = val.strip().upper()
            if (val in CHECK_ITEMNUMLIST or val.upper() == "A" or
                    val in SET_ITEMNUMLIST or val.upper() == "B"):
                if val not in g_opts.item_detail:
                    g_opts.item_detail.append(val)
            else:
                GaussLog.exitWithError(
                    ErrorCode.GAUSS_500["GAUSS_50004"] % 'i')
    else:
        value = value[0].upper()
        if (value in CHECK_ITEMNUMLIST or value == "A" or
                value in SET_ITEMNUMLIST or value == "B"):
            if value not in g_opts.item_detail:
                g_opts.item_detail.append(value)
        else:
            GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50004"] % 'i')


def parseCommandLine():
    """
    Parse command line and save to global variable
    """
    global g_opts
    g_opts = CmdOptions()

    ParaObj = Parameter()
    ParaDict = ParaObj.ParameterCommandLine("checkse")
    if (ParaDict.__contains__("helpFlag")):
        usage()
        sys.exit(0)
    if (ParaDict.__contains__("logFile")):
        g_opts.logFile = ParaDict.get("logFile")
    if (ParaDict.__contains__("confFile")):
        g_opts.confFile = ParaDict.get("confFile")
    if (ParaDict.__contains__("nodename")):
        g_opts.hostnamestr = ParaDict.get("nodename")
    if (ParaDict.__contains__("hostfile")):
        g_opts.hostlistfile = ParaDict.get("hostfile")
    if (ParaDict.__contains__("outFile")):
        g_opts.outputfile = ParaDict.get("outFile")
    if (ParaDict.__contains__("itemstr")):
        g_opts.itemstr = ParaDict.get("itemstr")
    if (ParaDict.__contains__("show_detail")):
        g_opts.detail = ParaDict.get("show_detail")
    if (ParaDict.__contains__("database")):
        g_opts.database = ParaDict.get("database")


def getUserInfo():
    """
    function: get user
    input: NA
    output: NA
    """
    if os.getuid() != 0:
        user_info = UserUtil.getUserInfo()
        g_opts.user = user_info.get("name")
        DefaultValue.checkPathVaild(g_opts.user)


def readHostFile(hostfile):
    """
    read host file to hostlist
    """
    try:
        with open(hostfile, "r") as fp:
            for readline in fp:
                hostname = readline.strip().split("\n")[0]
                if hostname != "" and hostname not in hostfile:
                    g_opts.hostnameList.append(hostname)
    except Exception as e:
        GaussLog.exitWithError(ErrorCode.GAUSS_502["GAUSS_50204"] %
                               hostfile + " Error: \n%s" % str(e))


def checkHostList():
    """
    """
    if (g_opts.hostnamestr == "" and g_opts.hostlistfile == ""):
        g_opts.hostnameList = [NetUtil.GetHostIpOrName()]
    elif (g_opts.hostnamestr != "" and g_opts.hostlistfile != ""):
        GaussLog.exitWithError(
            ErrorCode.GAUSS_500["GAUSS_50005"] % ('h', 'f'))
    elif (g_opts.hostnamestr == "" and g_opts.hostlistfile != ""):
        if (not os.path.isfile(g_opts.hostlistfile)):
            GaussLog.exitWithError(
                ErrorCode.GAUSS_502["GAUSS_50201"] % g_opts.hostlistfile)
        else:
            readHostFile(g_opts.hostlistfile)
    else:
        parseHostnameOpts(g_opts.hostnamestr)


def checkConfigFile():
    """
    """
    if (g_opts.confFile != ""):
        if (not os.path.isfile(g_opts.confFile)):
            GaussLog.exitWithError(
                ErrorCode.GAUSS_502["GAUSS_50201"] % g_opts.confFile)


def getCheckseLogPath(log_name, xml):
    """
    function: get the checkse log path
    input: log_name, xml
    output: fullLogPath
    """
    try:
        gs_checkse_log_path = ""
        # get the log path
        configedLogPath = ClusterConfigFile.getOneClusterConfigItem("gaussdbLogPath", xml)
        DefaultValue.checkPathVaild(configedLogPath)
        # check gaussdbLogPath is not null
        if configedLogPath == "":
            gs_checkse_log_path = "%s/%s/om/%s" % (
                ClusterConstants.GAUSSDB_DIR, g_opts.user, log_name)
        else:
            gs_checkse_log_path = "%s/%s/om/%s" % (
                os.path.normpath(configedLogPath), g_opts.user, log_name)
        UserUtil.check_path_owner(gs_checkse_log_path)
        return gs_checkse_log_path
    except Exception as e:
        GaussLog.exitWithError(str(e))


def createLogFile():
    cmd = "(if [ ! -d %s ]; then mkdir -p %s -m %s; fi)" % (
        LOG_DIR, LOG_DIR, DefaultValue.KEY_DIRECTORY_MODE)
    (status, output) = subprocess.getstatusoutput(cmd)
    if (status != 0):
        GaussLog.exitWithError(ErrorCode.GAUSS_502["GAUSS_50208"]
                               % "log of gs_checkse" + " Error: \n%s."
                               % output + "The cmd is %s" % cmd)
    g_opts.logFile = os.path.join(LOG_DIR, ClusterConstants.GS_CHECKSE_LOG_FILE)


def setLogFile():
    """
    """
    if (g_opts.logFile == ""):
        # get gausslog from env
        gauss_log = EnvUtil.getEnv("GAUSSLOG")
        if gauss_log:
            g_opts.logFile = os.path.normpath(
                os.path.join(gauss_log, g_opts.user, "om", ClusterConstants.GS_CHECKSE_LOG_FILE))
        # get gausslog from xml
        elif g_opts.confFile:
            g_opts.logFile = getCheckseLogPath(ClusterConstants.GS_CHECKSE_LOG_FILE, g_opts.confFile)
            if (not os.path.isabs(g_opts.logFile)):
                GaussLog.exitWithError(ErrorCode.GAUSS_502["GAUSS_50213"]
                                       % g_opts.logFile)
        else:
            createLogFile()

        UserUtil.check_path_owner(g_opts.logFile)


def setDatabase():
    """
    Set database name
    """
    if(g_opts.database == DefaultValue.EMPTY_STR):
        g_opts.database = DefaultValue.DEFAULT_DB_NAME


def checkItems():
    """
    """
    if (g_opts.itemstr == ""):
        GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50001"] % "i" + ".")


def checkOutputFile():
    """
    """
    try:
        if (g_opts.outputfile != ""):
            DefaultValue.checkOutputFile(g_opts.outputfile)
    except Exception as e:
        GaussLog.exitWithError(str(e))


def checkParameter():
    """
    Check parameter from command line
    """
    getUserInfo()
    ############################################
    # check hostlist info
    ###########################################
    checkHostList()
    # check config file
    checkConfigFile()
    if (len(g_opts.hostnameList) == 0):
        g_opts.hostnameList = [NetUtil.GetHostIpOrName()]
    g_opts.hostnameList.sort()
    checkHostnameList()
    ##########################################
    # set logfile
    ############################################
    setLogFile()
    ##########################################
    setDatabase()
    ##########################################
    # set items
    ############################################
    checkItems()

    parseItemOpts(g_opts.itemstr)
    if (("B" in g_opts.item_detail)):
        g_opts.set = True
    else:
        for i in SET_ITEMNUMLIST:
            for j in g_opts.item_detail:
                if (j == i):
                    g_opts.set = True
                    break
    if (g_opts.set == True):
        if ("A" in g_opts.item_detail):
            GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50004"] % 'i'
                                   + " Checking items and setting items"
                                     " can't be used together.")
        for i in CHECK_ITEMNUMLIST:
            for j in g_opts.item_detail:
                if (j == i):
                    GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50004"]
                                           % 'i' + " Checking items and "
                                                   "setting items can't be"
                                                   " used together.")

    ############################################
    # check output file
    ############################################
    checkOutputFile()


def doCheckSE(itemNumber):
    """
    do the checing ation by item
    """
    if (itemNumber == 'A1'):
        checkConnectionConfiguration()
    elif (itemNumber == 'A2'):
        checkFileSecurity()
    elif (itemNumber == 'A3'):
        checkSecurityAuthConf()
    elif (itemNumber == 'A4'):
        checkAccountPasswordManagement()
    elif (itemNumber == 'A5'):
        checkPermissionManagement()
    elif (itemNumber == 'A6'):
        checkDatabaseAuditing()
    elif (itemNumber == 'A7'):
        checkErrorReportingAndLoggingConfiguration()
    elif (itemNumber == 'A8'):
        checkBackupConfiguration()
    elif (itemNumber == 'A9'):
        checkRuntimeEnvironmentConfiguration()
    elif (itemNumber == 'A10'):
        checkOtherConfigurations()


def doSetSE(itemNumber):
    """
    do the setting ation by item
    """
    if (itemNumber == 'B1'):
        setConnectionConfiguration()
    elif (itemNumber == 'B2'):
        setFileDirectorySecurity()
    elif (itemNumber == 'B3'):
        setSecurityAuthenticationConfiguration()
    elif (itemNumber == 'B4'):
        setAccountPasswordManagement()
    elif (itemNumber == 'B5'):
        setPermissionManagement()
    elif (itemNumber == 'B6'):
        setDatabaseAuditing()
    elif (itemNumber == 'B7'):
        setErrorReportingAndLoggingConfiguration()
    elif (itemNumber == 'B8'):
        setBackupConfiguration()
    elif (itemNumber == 'B9'):
        setRuntimeEnvironmentConfiguration()
    elif (itemNumber == 'B10'):
        setOtherConfigurations()


def performCheckorSetSE(action_item, flag_str, success_mesg, item_num,
                        warning_level, configFile="", command="",
                        parameters=""):
    """
    action_item   :     action item
    flag_str      :     failed flag string
    success_mesg  :     success message information
    item_num      :     item number
    warning_level :     warning level, warning or  Abnormal
    parameters    :     multiple strings of parameters
    """
    try:
        if command == "":
            command = Local_CheckSe
        if (configFile != ""):
            cmd = "%s -t %s -X '%s' -l '%s' --database=%s %s" % (
                command, action_item, configFile, g_opts.localLog, g_opts.database, parameters)
        else:
            cmd = "%s -t %s -l '%s' --database=%s %s" % (
                command, action_item, g_opts.localLog, g_opts.database, parameters)
        (status, output, outputMap) = getCmdOutput(cmd)
        parRes = ""
        detail_msg = ""
        for node in list(status.keys()):
            if (status[node] != DefaultValue.SUCCESS):
                g_logger.logExit("        [%s]: \n" % node +
                                 ErrorCode.GAUSS_516["GAUSS_51632"] % cmd
                                 + " Error: \n%s" % outputMap[node].strip())
            if (outputMap[node].find(flag_str) >= 0):
                g_SECheckOpts[item_num][2] = warning_level
                parRes += "        [%s]\n%s\n" % (node, outputMap[node])
            else:
                detail_msg += "        [%s]\n%s\n" % (node, outputMap[node])
            if (outputMap[node].find("Warning reason") >= 0
                    and outputMap[node].find("Abnormal") < 0):
                if (g_SECheckOpts[item_num][2] != "Abnormal"):
                    g_SECheckOpts[item_num][2] = "Warning"
                parRes += "        [%s]\n%s\n" % (node, outputMap[node])
        if (parRes != ""):
            raise Exception("%s" % parRes)
        if (g_SECheckOpts[item_num][2] != warning_level):
            g_SECheckOpts[item_num][3] = "\n        %s" % success_mesg
        if g_SECheckOpts[item_num][4] != "OK":
            g_SECheckOpts[item_num][4] = formatResault(
                detail_msg, g_SECheckOpts[item_num][4])
        else:
            g_SECheckOpts[item_num][4] = "\n%s" % detail_msg
    except Exception as e:
        g_logger.debug(str(e))
        if (g_SECheckOpts[item_num][2] == "Normal"):
            g_SECheckOpts[item_num][2] = '%s' % warning_level
        g_SECheckOpts[item_num][3] = "\n%s" % str(e)
        g_SECheckOpts[item_num][4] = "\n%s" % str(e)


def checkConnectionConfiguration():
    """
    Checking Monitor IP
    """
    g_logger.debug("Checking Connection configuration.")
    performCheckorSetSE(ACTION_CHECK_Connection_configuration,
                        "Checking Connection configuration failed.",
                        "Checking Connection configuration succeeded.",
                        "A1", "Warning")
    g_logger.debug("Successfully checked Monitoring Host IP Address.")


def checkFileSecurity():
    """
    Checking File directory security
    """
    g_logger.debug("Checking CHECK File directory security.")
    performCheckorSetSE(ACTION_CHECK_File_directory_security,
                        "Checking File directory security failed.",
                        "Checking File directory security succeeded.", "A2",
                        "Warning")
    g_logger.debug("Successfully checked File directory security.")


def checkSecurityAuthConf():
    """
    Checking Security authentication configuration
    """
    g_logger.debug("Checking Security authentication configuration.")
    performCheckorSetSE(ACTION_CHECK_Security_authentication_configuration,
                        "Checking Security authentication configuration failed.",
                        "Checking Security authentication configuration succeeded.",
                        "A3", "Warning")
    g_logger.debug("Successfully checked Security authentication configuration.")


def checkAccountPasswordManagement():
    """
    Checking Account password management
    """
    g_logger.debug("Checking Account password management.")
    performCheckorSetSE(ACTION_CHECK_Account_password_management,
                        "Checking Account password management failed.",
                        "Checking Account password management succeeded.",
                        "A4", "Warning")
    g_logger.debug("Successfully checked Account password management.")


def checkPermissionManagement():
    """
    Checking Permission management
    """
    g_logger.debug("Checking Permission management")
    performCheckorSetSE(ACTION_CHECK_Permission_management,
                        "Checking Permission management failed.",
                        "Checking Permission management succeeded.",
                        "A5", "Warning")
    g_logger.debug("Successfully checked Permission management.")


def checkDatabaseAuditing():
    """
    Checking Database Auditing
    """
    g_logger.debug("Checking Database auditing")
    performCheckorSetSE(ACTION_CHECK_Database_auditing,
                        "Checking Database auditing failed.",
                        "Checking Database auditing succeeded.",
                        "A6", "Warning")
    g_logger.debug("Successfully checked Database auditing")


def checkErrorReportingAndLoggingConfiguration():
    """
    Checking Error Reporting And Logging Configuration
    """
    g_logger.debug("Checking Error reporting and logging configuration")
    performCheckorSetSE(ACTION_CHECK_Error_reporting_and_logging_configuration,
                        "Checking Error reporting and logging configuration failed.",
                        "Checking Error reporting and logging configuration succeeded.",
                        "A7", "Warning")
    g_logger.debug("Successfully checked Error reporting and logging configuration")


def checkBackupConfiguration():
    """
    Checking Backup Configuration
    """
    g_logger.debug("Checking Backup configuration")
    performCheckorSetSE(ACTION_CHECK_Backup_configuration,
                        "Checking Backup configuration failed.",
                        "Checking Backup configuration succeeded.",
                        "A8", "Warning")
    g_logger.debug("Successfully checked Backup configuration")


def checkRuntimeEnvironmentConfiguration():
    """
    Checking Runtime Environment Configuration
    """
    g_logger.debug("Checking Runtime environment configuration")
    performCheckorSetSE(ACTION_CHECK_Runtime_environment_configuration,
                        "Checking Runtime environment configuration failed.",
                        "Checking Runtime environment configuration succeeded.",
                        "A9", "Warning")
    g_logger.debug("Successfully checked Runtime environment configuration")


def checkOtherConfigurations():
    """
    Checking Other Configurations
    """
    g_logger.debug("Checking Other configurations")
    performCheckorSetSE(ACTION_CHECK_Other_configurations,
                        "Checking Other configurations failed.",
                        "Checking Other configurations succeeded.",
                        "A10", "Warning")
    g_logger.debug("Successfully checked Other configurations")


def setConnectionConfiguration():
    """
    Setting Connection configuration
    """
    g_logger.debug("Setting Connection configuration.")
    performCheckorSetSE(ACTION_SET_Connection_configuration, "Failed",
                        "Setting Connection configuration succeed.", "B1",
                        "Abnormal")
    g_logger.debug("Successfully setted Connection configuration.")


def setFileDirectorySecurity():
    """
    Setting File Directory Security
    """
    g_logger.debug("Setting File Directory Security.")
    performCheckorSetSE(ACTION_SET_File_directory_security, "Failed",
                        "Setting File Directory Security succeed.", "B2",
                        "Abnormal")
    g_logger.debug("Successfully setted File Directory Security.")


def setSecurityAuthenticationConfiguration():
    """
    Setting Security authentication configuration
    """
    g_logger.debug("Setting Security authentication configuration.")
    performCheckorSetSE(ACTION_SET_Security_authentication_configuration, "Failed",
                        "Setting Security authentication configuration succeed.", "B3",
                        "Abnormal")
    g_logger.debug("Successfully setted Security authentication configuration.")


def setAccountPasswordManagement():
    """
    Setting Account Password Management
    """
    g_logger.debug("Setting Account Password Management.")
    performCheckorSetSE(ACTION_SET_Account_password_management, "Failed",
                        "Setting Account Password Management succeed.", "B4",
                        "Abnormal")
    g_logger.debug("Successfully setted Account Password Management.")


def setPermissionManagement():
    """
    Setting Permission management
    """
    g_logger.debug("Setting Permission management.")
    performCheckorSetSE(ACTION_SET_Permission_management, "Failed",
                        "Setting Permission management succeed.", "B5",
                        "Abnormal")
    g_logger.debug("Successfully setted Permission management.")


def setDatabaseAuditing():
    """
    Setting Database auditing
    """
    g_logger.debug("Setting Database auditing.")
    performCheckorSetSE(ACTION_SET_Database_auditing, "Failed",
                        "Setting Database auditing succeed.", "B6",
                        "Abnormal")
    g_logger.debug("Successfully setted Database auditing.")


def setErrorReportingAndLoggingConfiguration():
    """
    Setting Error reporting and logging configuration
    """
    g_logger.debug("Setting Error reporting and logging configuration.")
    performCheckorSetSE(ACTION_SET_Error_reporting_and_logging_configuration, "Failed",
                        "Setting Error reporting and logging configuration succeed.", "B7",
                        "Abnormal")
    g_logger.debug("Successfully setted Error reporting and logging configuration.")


def setBackupConfiguration():
    """
    Setting Backup configuration
    """
    g_logger.debug("Setting Backup configuration.")
    performCheckorSetSE(ACTION_SET_Backup_configuration, "Failed",
                        "Setting Backup configuration succeed.", "B8",
                        "Abnormal")
    g_logger.debug("Successfully setted Backup configuration")


def setRuntimeEnvironmentConfiguration():
    """
    Setting Runtime environmen configuration
    """
    g_logger.debug("Setting Runtime environmen configuration.")
    performCheckorSetSE(ACTION_SET_Runtime_environment_configuration, "Failed",
                        "Setting Runtime environmen configuration succeed.", "B9",
                        "Abnormal")
    g_logger.debug("Successfully setted Runtime environmen configuration")


def setOtherConfigurations():
    """
    Setting Other configurations
    """
    g_logger.debug("Setting Other configurations.")
    performCheckorSetSE(ACTION_SET_Other_configurations, "Failed",
                        "Setting Other configurations succeed.", "B10",
                        "Abnormal")
    g_logger.debug("Successfully setted Other configurations")


def formatResault(result_Str1, result_Str2):
    """
    get add result of to dict
    """
    result = ""
    result_list1 = result_Str1.strip("\n").split("\n\n")
    result_list2 = result_Str2.strip("\n").split("\n\n")
    for nodeInfo1 in result_list1:
        result += ("\n" + nodeInfo1.split("\n")[0])
        result += ("\n" + "\n".join(nodeInfo1.split("\n")[1:]))
        for nodeInfo2 in result_list2:
            if nodeInfo1.split("\n")[0].strip() == nodeInfo2.split("\n")[0].strip():
                result += ("\n" + "\n".join(nodeInfo2.split("\n")[1:]) + "\n")
    return result


def getLocalIPAddr():
    '''
    function: get all ips from configuration file
    input : NA
    output: Ips
    '''
    Ips = ""

    if (g_opts.confFile == ""):
        localHostIp = DefaultValue.getIpByHostName()
        Ips = localHostIp
    else:
        for node in g_clusterInfo.dbNodes:
            if (node.name == NetUtil.GetHostIpOrName()):
                Ips = node.backIps[0]
    return Ips


def DisplayResultInformation(Item, output):
    """
    display the result information
    """
    if ("A" in g_opts.item_detail) or ("B" in g_opts.item_detail):
        if (Item in ("A1", "B1")):
            if (g_opts.detail):
                print("%s:\n    %s: %s %s" % (
                    g_SECheckOpts[Item][0],
                    ("%s%s" %
                     (("%s." % Item).ljust(4),
                      g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                    g_SECheckOpts[Item][2].ljust(10),
                    g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
                      file=output)
            elif (g_opts.detail_all):
                print("%s:\n    %s: %s %s" %
                      (g_SECheckOpts[Item][0],
                       ("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2].ljust(10),
                       g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
                      file=output)
            else:
                print("%s:\n    %s: %s" %
                      (g_SECheckOpts[Item][0],
                       ("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2]), file=output)
        else:
            if (g_opts.detail):
                print("    %s: %s %s" %
                      (("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2].ljust(10),
                       g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
                      file=output)
            elif (g_opts.detail_all):
                print("    %s: %s %s" %
                      (("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2].ljust(10),
                       g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
                      file=output)
            else:
                print("    %s: %s" %
                      (("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2]), file=output)
    else:
        orderItems = []
        for i in [CHECK_ITEMNUMLIST, SET_ITEMNUMLIST]:
            bb = []
            for j in g_opts.item_detail:
                if j in i:
                    bb.append(j)
            tmp = sorted(bb)
            bb = tmp
            if (bb != []):
                orderItems.append(bb[0])
        if (Item in orderItems):
            if (g_opts.detail):
                print("%s\n    %s: %s %s" %
                      (g_SECheckOpts[Item][0],
                       ("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2].ljust(10),
                       g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
                      file=output)
            elif (g_opts.detail_all):
                print("%s\n    %s: %s %s" %
                      (g_SECheckOpts[Item][0],
                       ("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2].ljust(10),
                       g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
                      file=output)
            else:
                print("%s\n    %s: %s" %
                      (g_SECheckOpts[Item][0],
                       ("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2]), file=output)
        else:
            if (g_opts.detail):
                print("    %s: %s %s" %
                      (("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2].ljust(10),
                       g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
                      file=output)
            elif (g_opts.detail_all):
                print("    %s: %s %s" %
                      (("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2].ljust(10),
                       g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
                      file=output)
            else:
                print("    %s: %s" %
                      (("%s%s" %
                        (("%s." % Item).ljust(4),
                         g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
                       g_SECheckOpts[Item][2]), file=output)


def cmpItem(item1, item2):
    """
    sort item
    """
    if (item1[0] < item2[0]):
        return -1
    elif (item1[0] > item2[0]):
        return 1
    else:
        if (int(item1[1:]) < int(item2[1:])):
            return -1
        elif (int(item1[1:]) > int(item2[1:])):
            return 1
        else:
            return 0


def checkHostnameList():
    """
    function: check the self.hostnameList is only local hostname
    input: NA
    output:NA
    """

    # get the local hostname
    global host
    host = NetUtil.GetHostIpOrName()

    # if g_opts.hostnameList have only one value,
    # check it whether or not local hostname
    if (len(g_opts.hostnameList) == 1):
        if (g_opts.hostnameList[0] == NetUtil.GetHostIpOrName()):
            g_opts.localMode = True
            return
    try:
        # check the g_opts.hostnameList values are whether or not local IPs
        # obtain the all local IPs
        IPlist = NetUtil.getIpAddressList()
        IPlist.append(host)

        for ip in g_opts.hostnameList:
            if ip not in IPlist:
                return
        g_opts.localMode = True

    except Exception as ex:
        GaussLog.exitWithError(str(ex))


def getCmdOutput(cmd, ssh_conf=""):
    """
    function: execute the cmd and get the output
    input: cmd
    output:status, output, outputMap
    """

    if (g_opts.localMode == True):
        status = {}
        outputMap = {}
        outputCollect = []
        (statusStr, output) = subprocess.getstatusoutput(cmd)
        if (statusStr != 0):
            status[host] = "Failure"
        else:
            status[host] = "Success"
        outputMap[host] = output
    else:
        gp_path = os.path.dirname(os.path.realpath(__file__))
        (status, output) = g_sshTool.getSshStatusOutput(cmd, [], "",
                                                        "%s/../" % gp_path,
                                                        ssh_config=ssh_conf)
        outputMap = g_sshTool.parseSshOutput(g_sshTool.hostNames)

    return (status, output, outputMap)


def main():
    """
    main function
    """

    global Local_CheckSe
    global Local_Check

    try:
        parseCommandLine()
        checkParameter()
        initGlobals()
        gpHome = os.path.dirname(os.path.realpath(__file__))
        Local_CheckSe = OMCommand.getLocalScript("Local_CheckSE")
        Local_Check = OMCommand.getLocalScript("Local_Check")
    except Exception as e:
        GaussLog.exitWithError(str(e))

    if ("A" in g_opts.item_detail):
        itemList = CHECK_ITEMNUMLIST
    elif ("B" in g_opts.item_detail):
        itemList = SET_ITEMNUMLIST
    else:
        sortList = sorted(g_opts.item_detail)
        itemList = sortList

    fp = None
    dirName = "%s/gspylib/etc/conf" % os.path.dirname(
        os.path.realpath(__file__))
    configFile = "%s/check_list.conf" % dirName

    try:
        output = sys.stdout
        if (g_opts.outputfile != ""):
            basepath = os.path.dirname(g_opts.outputfile)
            if (not os.path.isdir(basepath)):
                os.makedirs(basepath, ConstantsBase.KEY_DIRECTORY_PERMISSION)
            FileUtil.createFileInSafeMode(g_opts.outputfile)
            fp = open(g_opts.outputfile, "w")
            output = fp
            g_logger.log("Performing operation system check/set."
                         " Output the result to the file %s."
                         % g_opts.outputfile)

        for item in itemList:
            if (g_opts.set):
                doSetSE(item)
            else:
                doCheckSE(item)
            DisplayResultInformation(item, output)

        if (fp):
            fp.flush()
            fp.close()
        if g_opts.outputfile != "":
            os.chmod(g_opts.outputfile, ConstantsBase.KEY_FILE_PERMISSION)
            g_logger.log("Operation system check/set is completed.")
    except Exception as ex:
        if fp:
            fp.flush()
            fp.close()
        g_logger.logExit(ErrorCode.GAUSS_502["GAUSS_50205"] %
                         g_opts.outputfile + "Error: %s" % str(ex))

    totalNum = 0
    abnormalNum = 0
    warningNum = 0
    for key in itemList:
        totalNum += 1
        if (g_SECheckOpts[key][2] == "Abnormal"):
            abnormalNum += 1
        elif (g_SECheckOpts[key][2] == "Warning"):
            warningNum += 1
    if (g_opts.set):
        g_logger.log("NOTICE: Port value and some warning items can NOT be set."
                     " Please do it manually.")
    g_logger.log("Total numbers:%d. Abnormal numbers:%d. Warning numbers:%d."
                 % (totalNum, abnormalNum, warningNum))
    if (abnormalNum > 0):
        if (g_opts.set == False):
            g_logger.log("Do checking operation finished. Result: Abnormal.")
        else:
            g_logger.log("Do setting operation finished. Result: Abnormal.")

    g_logger.closeLog()
    sys.exit(0)


# the main entry for this script
if __name__ == '__main__':
    main()
